├── .gitmodules
├── LICENSE
├── Polaris22Fixup.xcodeproj
    └── project.pbxproj
├── Polaris22Fixup
    ├── Info.plist
    ├── kern_start.cpp
    └── memmem.c
└── README.md


/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "MacKernelSDK"]
2 | 	path = MacKernelSDK
3 | 	url = https://github.com/acidanthera/MacKernelSDK
4 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2019 osy
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/Polaris22Fixup.xcodeproj/project.pbxproj:
--------------------------------------------------------------------------------
  1 | // !$*UTF8*$!
  2 | {
  3 | 	archiveVersion = 1;
  4 | 	classes = {
  5 | 	};
  6 | 	objectVersion = 50;
  7 | 	objects = {
  8 | 
  9 | /* Begin PBXBuildFile section */
 10 | 		CEDE8D7B22984F8F00C73034 /* libkmod.a in Frameworks */ = {isa = PBXBuildFile; fileRef = CEDE8D6E22984F7700C73034 /* libkmod.a */; };
 11 | 		CEDE8D7C22984FE600C73034 /* plugin_start.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CEDE8D7822984F7700C73034 /* plugin_start.cpp */; };
 12 | 		CEDE8D7E2298501600C73034 /* kern_start.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CEDE8D7D2298501600C73034 /* kern_start.cpp */; };
 13 | 		CEF819E8249862C700EB67BC /* memmem.c in Sources */ = {isa = PBXBuildFile; fileRef = CEF819E7249862C700EB67BC /* memmem.c */; };
 14 | /* End PBXBuildFile section */
 15 | 
 16 | /* Begin PBXFileReference section */
 17 | 		CEDE8CE522984C0800C73034 /* Polaris22Fixup.kext */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = Polaris22Fixup.kext; sourceTree = BUILT_PRODUCTS_DIR; };
 18 | 		CEDE8CEC22984C0800C73034 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 19 | 		CEDE8D4D22984F7600C73034 /* kern_config.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_config.hpp; sourceTree = "<group>"; };
 20 | 		CEDE8D4E22984F7600C73034 /* kern_atomic.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_atomic.hpp; sourceTree = "<group>"; };
 21 | 		CEDE8D4F22984F7600C73034 /* kern_time.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_time.hpp; sourceTree = "<group>"; };
 22 | 		CEDE8D5022984F7600C73034 /* kern_nvram.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_nvram.hpp; sourceTree = "<group>"; };
 23 | 		CEDE8D5122984F7600C73034 /* kern_cpu.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_cpu.hpp; sourceTree = "<group>"; };
 24 | 		CEDE8D5222984F7600C73034 /* kern_devinfo.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_devinfo.hpp; sourceTree = "<group>"; };
 25 | 		CEDE8D5322984F7600C73034 /* kern_efi.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_efi.hpp; sourceTree = "<group>"; };
 26 | 		CEDE8D5422984F7600C73034 /* kern_policy.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_policy.hpp; sourceTree = "<group>"; };
 27 | 		CEDE8D5522984F7600C73034 /* kern_user.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_user.hpp; sourceTree = "<group>"; };
 28 | 		CEDE8D5622984F7600C73034 /* plugin_start.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = plugin_start.hpp; sourceTree = "<group>"; };
 29 | 		CEDE8D5722984F7600C73034 /* kern_iokit.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_iokit.hpp; sourceTree = "<group>"; };
 30 | 		CEDE8D5822984F7600C73034 /* kern_crypto.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_crypto.hpp; sourceTree = "<group>"; };
 31 | 		CEDE8D5922984F7600C73034 /* kern_mach.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_mach.hpp; sourceTree = "<group>"; };
 32 | 		CEDE8D5A22984F7600C73034 /* kern_compression.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_compression.hpp; sourceTree = "<group>"; };
 33 | 		CEDE8D5B22984F7600C73034 /* kern_file.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_file.hpp; sourceTree = "<group>"; };
 34 | 		CEDE8D5C22984F7600C73034 /* kern_rtc.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_rtc.hpp; sourceTree = "<group>"; };
 35 | 		CEDE8D5D22984F7700C73034 /* kern_disasm.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_disasm.hpp; sourceTree = "<group>"; };
 36 | 		CEDE8D5F22984F7700C73034 /* capstone.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = capstone.h; sourceTree = "<group>"; };
 37 | 		CEDE8D6022984F7700C73034 /* mips.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mips.h; sourceTree = "<group>"; };
 38 | 		CEDE8D6122984F7700C73034 /* sparc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sparc.h; sourceTree = "<group>"; };
 39 | 		CEDE8D6222984F7700C73034 /* systemz.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = systemz.h; sourceTree = "<group>"; };
 40 | 		CEDE8D6322984F7700C73034 /* arm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = arm.h; sourceTree = "<group>"; };
 41 | 		CEDE8D6422984F7700C73034 /* x86.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x86.h; sourceTree = "<group>"; };
 42 | 		CEDE8D6522984F7700C73034 /* ppc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ppc.h; sourceTree = "<group>"; };
 43 | 		CEDE8D6622984F7700C73034 /* arm64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = arm64.h; sourceTree = "<group>"; };
 44 | 		CEDE8D6722984F7700C73034 /* xcore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = xcore.h; sourceTree = "<group>"; };
 45 | 		CEDE8D6822984F7700C73034 /* platform.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = "<group>"; };
 46 | 		CEDE8D6922984F7700C73034 /* kern_patcher.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_patcher.hpp; sourceTree = "<group>"; };
 47 | 		CEDE8D6A22984F7700C73034 /* kern_compat.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_compat.hpp; sourceTree = "<group>"; };
 48 | 		CEDE8D6B22984F7700C73034 /* kern_api.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_api.hpp; sourceTree = "<group>"; };
 49 | 		CEDE8D6C22984F7700C73034 /* kern_util.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_util.hpp; sourceTree = "<group>"; };
 50 | 		CEDE8D6E22984F7700C73034 /* libkmod.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libkmod.a; sourceTree = "<group>"; };
 51 | 		CEDE8D7022984F7700C73034 /* entry64.S */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.asm; path = entry64.S; sourceTree = "<group>"; };
 52 | 		CEDE8D7122984F7700C73034 /* build.tool */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = build.tool; sourceTree = "<group>"; };
 53 | 		CEDE8D7222984F7700C73034 /* entry32.S */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.asm; path = entry32.S; sourceTree = "<group>"; };
 54 | 		CEDE8D7322984F7700C73034 /* wrappers.inc */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.pascal; path = wrappers.inc; sourceTree = "<group>"; };
 55 | 		CEDE8D7522984F7700C73034 /* mac_framework.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mac_framework.h; sourceTree = "<group>"; };
 56 | 		CEDE8D7622984F7700C73034 /* mac_policy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mac_policy.h; sourceTree = "<group>"; };
 57 | 		CEDE8D7722984F7700C73034 /* _label.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = _label.h; sourceTree = "<group>"; };
 58 | 		CEDE8D7822984F7700C73034 /* plugin_start.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = plugin_start.cpp; sourceTree = "<group>"; };
 59 | 		CEDE8D7922984F7700C73034 /* LegacyIOService.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LegacyIOService.h; sourceTree = "<group>"; };
 60 | 		CEDE8D7D2298501600C73034 /* kern_start.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = kern_start.cpp; sourceTree = "<group>"; };
 61 | 		CEF819E7249862C700EB67BC /* memmem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = memmem.c; sourceTree = "<group>"; };
 62 | /* End PBXFileReference section */
 63 | 
 64 | /* Begin PBXFrameworksBuildPhase section */
 65 | 		CEDE8CE222984C0800C73034 /* Frameworks */ = {
 66 | 			isa = PBXFrameworksBuildPhase;
 67 | 			buildActionMask = 2147483647;
 68 | 			files = (
 69 | 				CEDE8D7B22984F8F00C73034 /* libkmod.a in Frameworks */,
 70 | 			);
 71 | 			runOnlyForDeploymentPostprocessing = 0;
 72 | 		};
 73 | /* End PBXFrameworksBuildPhase section */
 74 | 
 75 | /* Begin PBXGroup section */
 76 | 		CEDE8CDB22984C0800C73034 = {
 77 | 			isa = PBXGroup;
 78 | 			children = (
 79 | 				CEDE8D4B22984F5B00C73034 /* SDK */,
 80 | 				CEDE8CE722984C0800C73034 /* Polaris22Fixup */,
 81 | 				CEDE8CE622984C0800C73034 /* Products */,
 82 | 			);
 83 | 			sourceTree = "<group>";
 84 | 		};
 85 | 		CEDE8CE622984C0800C73034 /* Products */ = {
 86 | 			isa = PBXGroup;
 87 | 			children = (
 88 | 				CEDE8CE522984C0800C73034 /* Polaris22Fixup.kext */,
 89 | 			);
 90 | 			name = Products;
 91 | 			sourceTree = "<group>";
 92 | 		};
 93 | 		CEDE8CE722984C0800C73034 /* Polaris22Fixup */ = {
 94 | 			isa = PBXGroup;
 95 | 			children = (
 96 | 				CEDE8CEC22984C0800C73034 /* Info.plist */,
 97 | 				CEDE8D7D2298501600C73034 /* kern_start.cpp */,
 98 | 				CEF819E7249862C700EB67BC /* memmem.c */,
 99 | 			);
100 | 			path = Polaris22Fixup;
101 | 			sourceTree = "<group>";
102 | 		};
103 | 		CEDE8D4B22984F5B00C73034 /* SDK */ = {
104 | 			isa = PBXGroup;
105 | 			children = (
106 | 				CEDE8D4C22984F7600C73034 /* Headers */,
107 | 				CEDE8D6D22984F7700C73034 /* Library */,
108 | 			);
109 | 			name = SDK;
110 | 			sourceTree = "<group>";
111 | 		};
112 | 		CEDE8D4C22984F7600C73034 /* Headers */ = {
113 | 			isa = PBXGroup;
114 | 			children = (
115 | 				CEDE8D4D22984F7600C73034 /* kern_config.hpp */,
116 | 				CEDE8D4E22984F7600C73034 /* kern_atomic.hpp */,
117 | 				CEDE8D4F22984F7600C73034 /* kern_time.hpp */,
118 | 				CEDE8D5022984F7600C73034 /* kern_nvram.hpp */,
119 | 				CEDE8D5122984F7600C73034 /* kern_cpu.hpp */,
120 | 				CEDE8D5222984F7600C73034 /* kern_devinfo.hpp */,
121 | 				CEDE8D5322984F7600C73034 /* kern_efi.hpp */,
122 | 				CEDE8D5422984F7600C73034 /* kern_policy.hpp */,
123 | 				CEDE8D5522984F7600C73034 /* kern_user.hpp */,
124 | 				CEDE8D5622984F7600C73034 /* plugin_start.hpp */,
125 | 				CEDE8D5722984F7600C73034 /* kern_iokit.hpp */,
126 | 				CEDE8D5822984F7600C73034 /* kern_crypto.hpp */,
127 | 				CEDE8D5922984F7600C73034 /* kern_mach.hpp */,
128 | 				CEDE8D5A22984F7600C73034 /* kern_compression.hpp */,
129 | 				CEDE8D5B22984F7600C73034 /* kern_file.hpp */,
130 | 				CEDE8D5C22984F7600C73034 /* kern_rtc.hpp */,
131 | 				CEDE8D5D22984F7700C73034 /* kern_disasm.hpp */,
132 | 				CEDE8D5E22984F7700C73034 /* capstone */,
133 | 				CEDE8D6922984F7700C73034 /* kern_patcher.hpp */,
134 | 				CEDE8D6A22984F7700C73034 /* kern_compat.hpp */,
135 | 				CEDE8D6B22984F7700C73034 /* kern_api.hpp */,
136 | 				CEDE8D6C22984F7700C73034 /* kern_util.hpp */,
137 | 			);
138 | 			name = Headers;
139 | 			path = Lilu.kext/Contents/Resources/Headers;
140 | 			sourceTree = "<group>";
141 | 		};
142 | 		CEDE8D5E22984F7700C73034 /* capstone */ = {
143 | 			isa = PBXGroup;
144 | 			children = (
145 | 				CEDE8D5F22984F7700C73034 /* capstone.h */,
146 | 				CEDE8D6022984F7700C73034 /* mips.h */,
147 | 				CEDE8D6122984F7700C73034 /* sparc.h */,
148 | 				CEDE8D6222984F7700C73034 /* systemz.h */,
149 | 				CEDE8D6322984F7700C73034 /* arm.h */,
150 | 				CEDE8D6422984F7700C73034 /* x86.h */,
151 | 				CEDE8D6522984F7700C73034 /* ppc.h */,
152 | 				CEDE8D6622984F7700C73034 /* arm64.h */,
153 | 				CEDE8D6722984F7700C73034 /* xcore.h */,
154 | 				CEDE8D6822984F7700C73034 /* platform.h */,
155 | 			);
156 | 			path = capstone;
157 | 			sourceTree = "<group>";
158 | 		};
159 | 		CEDE8D6D22984F7700C73034 /* Library */ = {
160 | 			isa = PBXGroup;
161 | 			children = (
162 | 				CEDE8D6E22984F7700C73034 /* libkmod.a */,
163 | 				CEDE8D6F22984F7700C73034 /* wrappers */,
164 | 				CEDE8D7422984F7700C73034 /* security */,
165 | 				CEDE8D7822984F7700C73034 /* plugin_start.cpp */,
166 | 				CEDE8D7922984F7700C73034 /* LegacyIOService.h */,
167 | 			);
168 | 			name = Library;
169 | 			path = Lilu.kext/Contents/Resources/Library;
170 | 			sourceTree = "<group>";
171 | 		};
172 | 		CEDE8D6F22984F7700C73034 /* wrappers */ = {
173 | 			isa = PBXGroup;
174 | 			children = (
175 | 				CEDE8D7022984F7700C73034 /* entry64.S */,
176 | 				CEDE8D7122984F7700C73034 /* build.tool */,
177 | 				CEDE8D7222984F7700C73034 /* entry32.S */,
178 | 				CEDE8D7322984F7700C73034 /* wrappers.inc */,
179 | 			);
180 | 			path = wrappers;
181 | 			sourceTree = "<group>";
182 | 		};
183 | 		CEDE8D7422984F7700C73034 /* security */ = {
184 | 			isa = PBXGroup;
185 | 			children = (
186 | 				CEDE8D7522984F7700C73034 /* mac_framework.h */,
187 | 				CEDE8D7622984F7700C73034 /* mac_policy.h */,
188 | 				CEDE8D7722984F7700C73034 /* _label.h */,
189 | 			);
190 | 			path = security;
191 | 			sourceTree = "<group>";
192 | 		};
193 | /* End PBXGroup section */
194 | 
195 | /* Begin PBXHeadersBuildPhase section */
196 | 		CEDE8CE022984C0800C73034 /* Headers */ = {
197 | 			isa = PBXHeadersBuildPhase;
198 | 			buildActionMask = 2147483647;
199 | 			files = (
200 | 			);
201 | 			runOnlyForDeploymentPostprocessing = 0;
202 | 		};
203 | /* End PBXHeadersBuildPhase section */
204 | 
205 | /* Begin PBXNativeTarget section */
206 | 		CEDE8CE422984C0800C73034 /* Polaris22Fixup */ = {
207 | 			isa = PBXNativeTarget;
208 | 			buildConfigurationList = CEDE8CEF22984C0800C73034 /* Build configuration list for PBXNativeTarget "Polaris22Fixup" */;
209 | 			buildPhases = (
210 | 				CEDE8CE022984C0800C73034 /* Headers */,
211 | 				CEDE8CE122984C0800C73034 /* Sources */,
212 | 				CEDE8CE222984C0800C73034 /* Frameworks */,
213 | 				CEDE8CE322984C0800C73034 /* Resources */,
214 | 			);
215 | 			buildRules = (
216 | 			);
217 | 			dependencies = (
218 | 			);
219 | 			name = Polaris22Fixup;
220 | 			productName = Polaris22Fixup;
221 | 			productReference = CEDE8CE522984C0800C73034 /* Polaris22Fixup.kext */;
222 | 			productType = "com.apple.product-type.kernel-extension";
223 | 		};
224 | /* End PBXNativeTarget section */
225 | 
226 | /* Begin PBXProject section */
227 | 		CEDE8CDC22984C0800C73034 /* Project object */ = {
228 | 			isa = PBXProject;
229 | 			attributes = {
230 | 				LastUpgradeCheck = 1020;
231 | 				ORGANIZATIONNAME = osy86;
232 | 				TargetAttributes = {
233 | 					CEDE8CE422984C0800C73034 = {
234 | 						CreatedOnToolsVersion = 10.2.1;
235 | 					};
236 | 				};
237 | 			};
238 | 			buildConfigurationList = CEDE8CDF22984C0800C73034 /* Build configuration list for PBXProject "Polaris22Fixup" */;
239 | 			compatibilityVersion = "Xcode 9.3";
240 | 			developmentRegion = en;
241 | 			hasScannedForEncodings = 0;
242 | 			knownRegions = (
243 | 				en,
244 | 			);
245 | 			mainGroup = CEDE8CDB22984C0800C73034;
246 | 			productRefGroup = CEDE8CE622984C0800C73034 /* Products */;
247 | 			projectDirPath = "";
248 | 			projectRoot = "";
249 | 			targets = (
250 | 				CEDE8CE422984C0800C73034 /* Polaris22Fixup */,
251 | 			);
252 | 		};
253 | /* End PBXProject section */
254 | 
255 | /* Begin PBXResourcesBuildPhase section */
256 | 		CEDE8CE322984C0800C73034 /* Resources */ = {
257 | 			isa = PBXResourcesBuildPhase;
258 | 			buildActionMask = 2147483647;
259 | 			files = (
260 | 			);
261 | 			runOnlyForDeploymentPostprocessing = 0;
262 | 		};
263 | /* End PBXResourcesBuildPhase section */
264 | 
265 | /* Begin PBXSourcesBuildPhase section */
266 | 		CEDE8CE122984C0800C73034 /* Sources */ = {
267 | 			isa = PBXSourcesBuildPhase;
268 | 			buildActionMask = 2147483647;
269 | 			files = (
270 | 				CEF819E8249862C700EB67BC /* memmem.c in Sources */,
271 | 				CEDE8D7C22984FE600C73034 /* plugin_start.cpp in Sources */,
272 | 				CEDE8D7E2298501600C73034 /* kern_start.cpp in Sources */,
273 | 			);
274 | 			runOnlyForDeploymentPostprocessing = 0;
275 | 		};
276 | /* End PBXSourcesBuildPhase section */
277 | 
278 | /* Begin XCBuildConfiguration section */
279 | 		CEDE8CED22984C0800C73034 /* Debug */ = {
280 | 			isa = XCBuildConfiguration;
281 | 			buildSettings = {
282 | 				ALWAYS_SEARCH_USER_PATHS = NO;
283 | 				CLANG_ANALYZER_NONNULL = YES;
284 | 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
285 | 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
286 | 				CLANG_CXX_LIBRARY = "libc++";
287 | 				CLANG_ENABLE_MODULES = YES;
288 | 				CLANG_ENABLE_OBJC_ARC = YES;
289 | 				CLANG_ENABLE_OBJC_WEAK = YES;
290 | 				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
291 | 				CLANG_WARN_BOOL_CONVERSION = YES;
292 | 				CLANG_WARN_COMMA = YES;
293 | 				CLANG_WARN_CONSTANT_CONVERSION = YES;
294 | 				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
295 | 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
296 | 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
297 | 				CLANG_WARN_EMPTY_BODY = YES;
298 | 				CLANG_WARN_ENUM_CONVERSION = YES;
299 | 				CLANG_WARN_INFINITE_RECURSION = YES;
300 | 				CLANG_WARN_INT_CONVERSION = YES;
301 | 				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
302 | 				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
303 | 				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
304 | 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
305 | 				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
306 | 				CLANG_WARN_STRICT_PROTOTYPES = YES;
307 | 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
308 | 				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
309 | 				CLANG_WARN_UNREACHABLE_CODE = YES;
310 | 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
311 | 				CODE_SIGN_IDENTITY = "-";
312 | 				COPY_PHASE_STRIP = NO;
313 | 				DEBUG_INFORMATION_FORMAT = dwarf;
314 | 				ENABLE_STRICT_OBJC_MSGSEND = YES;
315 | 				ENABLE_TESTABILITY = YES;
316 | 				GCC_C_LANGUAGE_STANDARD = gnu11;
317 | 				GCC_DYNAMIC_NO_PIC = NO;
318 | 				GCC_NO_COMMON_BLOCKS = YES;
319 | 				GCC_OPTIMIZATION_LEVEL = 0;
320 | 				GCC_PREPROCESSOR_DEFINITIONS = (
321 | 					"DEBUG=1",
322 | 					"$(inherited)",
323 | 				);
324 | 				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
325 | 				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
326 | 				GCC_WARN_UNDECLARED_SELECTOR = YES;
327 | 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
328 | 				GCC_WARN_UNUSED_FUNCTION = YES;
329 | 				GCC_WARN_UNUSED_VARIABLE = YES;
330 | 				KERNEL_EXTENSION_HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Headers";
331 | 				KERNEL_FRAMEWORK_HEADERS = "$(PROJECT_DIR)/MacKernelSDK/Headers";
332 | 				MACOSX_DEPLOYMENT_TARGET = 10.14;
333 | 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
334 | 				MTL_FAST_MATH = YES;
335 | 				ONLY_ACTIVE_ARCH = YES;
336 | 				SDKROOT = macosx;
337 | 			};
338 | 			name = Debug;
339 | 		};
340 | 		CEDE8CEE22984C0800C73034 /* Release */ = {
341 | 			isa = XCBuildConfiguration;
342 | 			buildSettings = {
343 | 				ALWAYS_SEARCH_USER_PATHS = NO;
344 | 				CLANG_ANALYZER_NONNULL = YES;
345 | 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
346 | 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
347 | 				CLANG_CXX_LIBRARY = "libc++";
348 | 				CLANG_ENABLE_MODULES = YES;
349 | 				CLANG_ENABLE_OBJC_ARC = YES;
350 | 				CLANG_ENABLE_OBJC_WEAK = YES;
351 | 				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
352 | 				CLANG_WARN_BOOL_CONVERSION = YES;
353 | 				CLANG_WARN_COMMA = YES;
354 | 				CLANG_WARN_CONSTANT_CONVERSION = YES;
355 | 				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
356 | 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
357 | 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
358 | 				CLANG_WARN_EMPTY_BODY = YES;
359 | 				CLANG_WARN_ENUM_CONVERSION = YES;
360 | 				CLANG_WARN_INFINITE_RECURSION = YES;
361 | 				CLANG_WARN_INT_CONVERSION = YES;
362 | 				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
363 | 				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
364 | 				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
365 | 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
366 | 				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
367 | 				CLANG_WARN_STRICT_PROTOTYPES = YES;
368 | 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
369 | 				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
370 | 				CLANG_WARN_UNREACHABLE_CODE = YES;
371 | 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
372 | 				CODE_SIGN_IDENTITY = "-";
373 | 				COPY_PHASE_STRIP = NO;
374 | 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
375 | 				ENABLE_NS_ASSERTIONS = NO;
376 | 				ENABLE_STRICT_OBJC_MSGSEND = YES;
377 | 				GCC_C_LANGUAGE_STANDARD = gnu11;
378 | 				GCC_NO_COMMON_BLOCKS = YES;
379 | 				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
380 | 				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
381 | 				GCC_WARN_UNDECLARED_SELECTOR = YES;
382 | 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
383 | 				GCC_WARN_UNUSED_FUNCTION = YES;
384 | 				GCC_WARN_UNUSED_VARIABLE = YES;
385 | 				KERNEL_EXTENSION_HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Headers";
386 | 				KERNEL_FRAMEWORK_HEADERS = "$(PROJECT_DIR)/MacKernelSDK/Headers";
387 | 				MACOSX_DEPLOYMENT_TARGET = 10.14;
388 | 				MTL_ENABLE_DEBUG_INFO = NO;
389 | 				MTL_FAST_MATH = YES;
390 | 				SDKROOT = macosx;
391 | 			};
392 | 			name = Release;
393 | 		};
394 | 		CEDE8CF022984C0800C73034 /* Debug */ = {
395 | 			isa = XCBuildConfiguration;
396 | 			buildSettings = {
397 | 				ARCHS = x86_64;
398 | 				CODE_SIGN_STYLE = Automatic;
399 | 				COMBINE_HIDPI_IMAGES = YES;
400 | 				CURRENT_PROJECT_VERSION = 1.0.0d1;
401 | 				GCC_PREPROCESSOR_DEFINITIONS = (
402 | 					"$(inherited)",
403 | 					"MODULE_VERSION=$(MODULE_VERSION)",
404 | 					"PRODUCT_NAME=$(PRODUCT_NAME)",
405 | 				);
406 | 				HEADER_SEARCH_PATHS = (
407 | 					"${PROJECT_DIR}/Lilu.kext/Contents/Resources",
408 | 					"$(PROJECT_DIR)/MacKernelSDK/Headers",
409 | 				);
410 | 				INFOPLIST_FILE = Polaris22Fixup/Info.plist;
411 | 				LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Library/x86_64";
412 | 				MODULE_NAME = com.osy86.Polaris22Fixup;
413 | 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
414 | 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
415 | 				MODULE_VERSION = 1.3.7;
416 | 				PRODUCT_BUNDLE_IDENTIFIER = com.osy86.Polaris22Fixup;
417 | 				PRODUCT_NAME = "$(TARGET_NAME)";
418 | 				WRAPPER_EXTENSION = kext;
419 | 			};
420 | 			name = Debug;
421 | 		};
422 | 		CEDE8CF122984C0800C73034 /* Release */ = {
423 | 			isa = XCBuildConfiguration;
424 | 			buildSettings = {
425 | 				ARCHS = x86_64;
426 | 				CODE_SIGN_STYLE = Automatic;
427 | 				COMBINE_HIDPI_IMAGES = YES;
428 | 				CURRENT_PROJECT_VERSION = 1.0.0d1;
429 | 				GCC_PREPROCESSOR_DEFINITIONS = (
430 | 					"$(inherited)",
431 | 					"MODULE_VERSION=$(MODULE_VERSION)",
432 | 					"PRODUCT_NAME=$(PRODUCT_NAME)",
433 | 				);
434 | 				HEADER_SEARCH_PATHS = (
435 | 					"${PROJECT_DIR}/Lilu.kext/Contents/Resources",
436 | 					"$(PROJECT_DIR)/MacKernelSDK/Headers",
437 | 				);
438 | 				INFOPLIST_FILE = Polaris22Fixup/Info.plist;
439 | 				LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Library/x86_64";
440 | 				MODULE_NAME = com.osy86.Polaris22Fixup;
441 | 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
442 | 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
443 | 				MODULE_VERSION = 1.3.7;
444 | 				PRODUCT_BUNDLE_IDENTIFIER = com.osy86.Polaris22Fixup;
445 | 				PRODUCT_NAME = "$(TARGET_NAME)";
446 | 				WRAPPER_EXTENSION = kext;
447 | 			};
448 | 			name = Release;
449 | 		};
450 | /* End XCBuildConfiguration section */
451 | 
452 | /* Begin XCConfigurationList section */
453 | 		CEDE8CDF22984C0800C73034 /* Build configuration list for PBXProject "Polaris22Fixup" */ = {
454 | 			isa = XCConfigurationList;
455 | 			buildConfigurations = (
456 | 				CEDE8CED22984C0800C73034 /* Debug */,
457 | 				CEDE8CEE22984C0800C73034 /* Release */,
458 | 			);
459 | 			defaultConfigurationIsVisible = 0;
460 | 			defaultConfigurationName = Release;
461 | 		};
462 | 		CEDE8CEF22984C0800C73034 /* Build configuration list for PBXNativeTarget "Polaris22Fixup" */ = {
463 | 			isa = XCConfigurationList;
464 | 			buildConfigurations = (
465 | 				CEDE8CF022984C0800C73034 /* Debug */,
466 | 				CEDE8CF122984C0800C73034 /* Release */,
467 | 			);
468 | 			defaultConfigurationIsVisible = 0;
469 | 			defaultConfigurationName = Release;
470 | 		};
471 | /* End XCConfigurationList section */
472 | 	};
473 | 	rootObject = CEDE8CDC22984C0800C73034 /* Project object */;
474 | }
475 | 


--------------------------------------------------------------------------------
/Polaris22Fixup/Info.plist:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 3 | <plist version="1.0">
 4 | <dict>
 5 | 	<key>CFBundleDevelopmentRegion</key>
 6 | 	<string>$(DEVELOPMENT_LANGUAGE)</string>
 7 | 	<key>CFBundleExecutable</key>
 8 | 	<string>$(EXECUTABLE_NAME)</string>
 9 | 	<key>CFBundleIdentifier</key>
10 | 	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
11 | 	<key>CFBundleInfoDictionaryVersion</key>
12 | 	<string>6.0</string>
13 | 	<key>CFBundleName</key>
14 | 	<string>$(PRODUCT_NAME)</string>
15 | 	<key>CFBundlePackageType</key>
16 | 	<string>KEXT</string>
17 | 	<key>CFBundleShortVersionString</key>
18 | 	<string>$(MODULE_VERSION)</string>
19 | 	<key>CFBundleVersion</key>
20 | 	<string>$(MODULE_VERSION)</string>
21 | 	<key>IOKitPersonalities</key>
22 | 	<dict>
23 | 		<key>Polaris22Fixup</key>
24 | 		<dict>
25 | 			<key>CFBundleIdentifier</key>
26 | 			<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
27 | 			<key>IOClass</key>
28 | 			<string>$(PRODUCT_NAME:rfc1034identifier)</string>
29 | 			<key>IOMatchCategory</key>
30 | 			<string>$(PRODUCT_NAME:rfc1034identifier)</string>
31 | 			<key>IOProviderClass</key>
32 | 			<string>IOResources</string>
33 | 			<key>IOResourceMatch</key>
34 | 			<string>IOKit</string>
35 | 		</dict>
36 | 	</dict>
37 | 	<key>NSHumanReadableCopyright</key>
38 | 	<string>Copyright © 2020 osy86. All rights reserved.</string>
39 | 	<key>OSBundleLibraries</key>
40 | 	<dict>
41 | 		<key>as.vit9696.Lilu</key>
42 | 		<string>1.4.7</string>
43 | 		<key>com.apple.kpi.bsd</key>
44 | 		<string>12.0.0</string>
45 | 		<key>com.apple.kpi.dsep</key>
46 | 		<string>12.0.0</string>
47 | 		<key>com.apple.kpi.iokit</key>
48 | 		<string>12.0.0</string>
49 | 		<key>com.apple.kpi.libkern</key>
50 | 		<string>12.0.0</string>
51 | 		<key>com.apple.kpi.mach</key>
52 | 		<string>12.0.0</string>
53 | 		<key>com.apple.kpi.unsupported</key>
54 | 		<string>12.0.0</string>
55 | 	</dict>
56 | 	<key>OSBundleRequired</key>
57 | 	<string>Root</string>
58 | </dict>
59 | </plist>
60 | 


--------------------------------------------------------------------------------
/Polaris22Fixup/kern_start.cpp:
--------------------------------------------------------------------------------
  1 | //
  2 | //  kern_start.cpp
  3 | //  Polaris22Fixup
  4 | //
  5 | //  Copyright © 2020 osy86. All rights reserved.
  6 | //
  7 | 
  8 | #include <Headers/plugin_start.hpp>
  9 | #include <Headers/kern_api.hpp>
 10 | 
 11 | #define UNLIKELY(x) __builtin_expect(!!(x), 0)
 12 | #define MODULE_SHORT "p22"
 13 | 
 14 | extern "C" void *memmem(const void *h0, size_t k, const void *n0, size_t l);
 15 | 
 16 | static const int kPathMaxLen = 1024;
 17 | 
 18 | #pragma mark - Patches
 19 | 
 20 | static const int kEllesmereDeviceId = 0x67DF;
 21 | 
 22 | static const uint8_t kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal[] = {
 23 |     0xb8, 0x02, 0x00, 0x00, 0x00, 0x0f, 0x43, 0xc1, 0xeb,
 24 | };
 25 | 
 26 | static const uint8_t kAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched[] = {
 27 |     0xb8, 0x02, 0x00, 0x00, 0x00, 0x90, 0x90, 0x90, 0xeb,
 28 | };
 29 | 
 30 | static constexpr size_t kAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize = sizeof(kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal);
 31 | 
 32 | static_assert(kAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize == sizeof(kAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched), "patch size invalid");
 33 | 
 34 | static const uint8_t kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal[] = {
 35 |     0xb9, 0x02, 0x00, 0x00, 0x00, 0x01, 0xc8, 0x41, 0x83, 0xf8, 0x21, 0x0f, 0x42, 0xc1, 0xeb,
 36 | };
 37 | 
 38 | static const uint8_t kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched[] = {
 39 |     0xb9, 0x02, 0x00, 0x00, 0x00, 0x01, 0xc8, 0x41, 0x83, 0xf8, 0x00, 0x0f, 0x43, 0xc1, 0xeb,
 40 | };
 41 | 
 42 | static constexpr size_t kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize = sizeof(kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal);
 43 | 
 44 | static_assert(kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize == sizeof(kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched), "patch size invalid");
 45 | 
 46 | static const uint8_t kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal[] = {
 47 |     0x0f, 0x95, 0xc0, 0x01, 0xc0, 0x83, 0xc0, 0x02, 0x5d, 0xc3, 0x55,
 48 | };
 49 | 
 50 | static const uint8_t kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched[] = {
 51 |     0x0f, 0x95, 0xc0, 0x31, 0xc0, 0x83, 0xc0, 0x02, 0x5d, 0xc3, 0x55,
 52 | };
 53 | 
 54 | static const uint8_t kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal[] = {
 55 |     0x83, 0xc0, 0x02, 0xeb, 0x0e, 0x31, 0xc0, 0xf6, 0x47, 0x08, 0xc0, 0x0f, 0x95, 0xc0, 0x01, 0xc0, 0x83, 0xc0, 0x02, 0x5d, 0xc3, 0x55,
 56 | };
 57 | 
 58 | static const uint8_t kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched[] = {
 59 |     0x83, 0xc0, 0x02, 0xeb, 0x09, 0x31, 0xc0, 0xf6, 0x47, 0x08, 0xc0, 0x0f, 0x95, 0xc0, 0x31, 0xc0, 0x83, 0xc0, 0x02, 0x5d, 0xc3, 0x55,
 60 | };
 61 | 
 62 | 
 63 | static constexpr size_t kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize = sizeof(kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal);
 64 | 
 65 | static_assert(kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnSize == sizeof(kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched), "patch size invalid");
 66 | 
 67 | //patch the 160th bit of CAIL_DDI_CAPS_POLARIS22_A0 to zero
 68 | static const uint8_t kCAIL_DDI_CAPS_POLARIS22_A0Original[] = {
 69 |     0x05, 0x00, 0x80, 0x00, 0xFE, 0x11, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x11, 0x00, 0x02, 0x00, 0x00,
 70 |     0x01, 0x00, 0x00, 0x68, 0x00, 0x00, 0x40, 0x29, 0x02, 0x40, 0x00, 0x00, 0x01, 0x01, 0x8A, 0x62, 0x10, 0x86, 0xA2, 0x41,
 71 |     0x00, 0x00, 0x00, 0x22, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 72 |     0x00, 0x00, 0x00, 0x00,
 73 | };
 74 | 
 75 | static const uint8_t kCAIL_DDI_CAPS_POLARIS22_A0Patched[] = {
 76 |     0x05, 0x00, 0x80, 0x00, 0xFE, 0x11, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x11, 0x00, 0x02, 0x00, 0x00,
 77 |     0x01, 0x00, 0x00, 0x68, 0x00, 0x00, 0x40, 0x29, 0x02, 0x40, 0x00, 0x00, 0x01, 0x01, 0x8A, 0x62, 0x10, 0x86, 0xA2, 0x41,
 78 |     0x00, 0x00, 0x00, 0x22, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 79 |     0x00, 0x00, 0x00, 0x00,
 80 | 
 81 | };
 82 | 
 83 | static constexpr size_t kPECI_IsEarlySAMUInitEnabledOriginalSize = sizeof(kCAIL_DDI_CAPS_POLARIS22_A0Original);
 84 | 
 85 | static_assert(kPECI_IsEarlySAMUInitEnabledOriginalSize == sizeof(kCAIL_DDI_CAPS_POLARIS22_A0Patched), "patch size invalid");
 86 | 
 87 | 
 88 | static const char kAmdBronzeMtlDriverPath[kPathMaxLen] = "/System/Library/Extensions/AMDMTLBronzeDriver.bundle/Contents/MacOS/AMDMTLBronzeDriver";
 89 | 
 90 | static const char kDyldCachePath[kPathMaxLen] = "/private/var/db/dyld/dyld_shared_cache_x86_64h";
 91 | 
 92 | static const char kBigSurDyldCachePath[kPathMaxLen] = "/System/Library/dyld/dyld_shared_cache_x86_64h";
 93 | 
 94 | static const char *kAmdRadeonX4000HwLibsPath[] { "/System/Library/Extensions/AMDRadeonX4000HWServices.kext/Contents/PlugIns/AMDRadeonX4000HWLibs.kext/Contents/MacOS/AMDRadeonX4000HWLibs" };
 95 | 
 96 | static const char *kAmdRadeonX4000Path[] { "/System/Library/Extensions/AMDRadeonX4000.kext/Contents/MacOS/AMDRadeonX4000" };
 97 | 
 98 | enum {
 99 |     kAmdRadeonX4000=0,
100 |     kAmdRadeonX4000HwLibs,
101 | };
102 | 
103 | static KernelPatcher::KextInfo kAMDHWLibsInfo[] = {
104 |     [kAmdRadeonX4000] = { "com.apple.kext.AMDRadeonX4000", kAmdRadeonX4000Path, arrsize(kAmdRadeonX4000Path), {true}, {}, KernelPatcher::KextInfo::Unloaded },
105 |     [kAmdRadeonX4000HwLibs] = { "com.apple.kext.AMDRadeonX4000HWLibs", kAmdRadeonX4000HwLibsPath, arrsize(kAmdRadeonX4000HwLibsPath), {true}, {}, KernelPatcher::KextInfo::Unloaded },
106 | };
107 | 
108 | static mach_vm_address_t orig_cs_validate {};
109 | static mach_vm_address_t orig_getHardwareInfo {};
110 | 
111 | #pragma mark - Kernel patching code
112 | 
113 | /**
114 |  * Call block with interrupts and protections disabled
115 |  */
116 | static void doKernelPatch(void (^patchFunc)(void)) {
117 |     if (MachInfo::setKernelWriting(true, KernelPatcher::kernelWriteLock) == KERN_SUCCESS) {
118 |         DBGLOG(MODULE_SHORT, "obtained write permssions");
119 |     } else {
120 |         SYSLOG(MODULE_SHORT, "failed to obtain write permissions");
121 |         return;
122 |     }
123 |     
124 |     patchFunc();
125 |     
126 |     if (MachInfo::setKernelWriting(false, KernelPatcher::kernelWriteLock) == KERN_SUCCESS) {
127 |         DBGLOG(MODULE_SHORT, "restored write permssions");
128 |     } else {
129 |         SYSLOG(MODULE_SHORT, "failed to restore write permissions");
130 |     }
131 | }
132 | 
133 | template <size_t patchSize>
134 | static inline bool searchAndPatch(const void *haystack,
135 |                                   size_t haystackSize,
136 |                                   const char (&path)[kPathMaxLen],
137 |                                   const char (&dylibCachePath)[kPathMaxLen],
138 |                                   const uint8_t (&needle)[patchSize],
139 |                                   const uint8_t (&patch)[patchSize]) {
140 |     if (UNLIKELY(strncmp(path, kAmdBronzeMtlDriverPath, sizeof(kAmdBronzeMtlDriverPath)) == 0) ||
141 |         UNLIKELY(strncmp(path, dylibCachePath, sizeof(dylibCachePath)) == 0)) {
142 |         void *res;
143 |         if (UNLIKELY((res = memmem(haystack, haystackSize, needle, patchSize)) != NULL)) {
144 |             SYSLOG(MODULE_SHORT, "found function to patch!");
145 |             SYSLOG(MODULE_SHORT, "path: %s", path);
146 |             doKernelPatch(^{
147 |                 lilu_os_memcpy(res, patch, patchSize);
148 |             });
149 |             return true;
150 |         }
151 |     }
152 |     return false;
153 | }
154 | 
155 | #pragma mark - Patched functions
156 | 
157 | // pre Big Sur
158 | static boolean_t patched_cs_validate_range(vnode_t vp,
159 |                                            memory_object_t pager,
160 |                                            memory_object_offset_t offset,
161 |                                            const void *data,
162 |                                            vm_size_t size,
163 |                                            unsigned *result) {
164 |     char path[kPathMaxLen];
165 |     int pathlen = kPathMaxLen;
166 |     boolean_t res = FunctionCast(patched_cs_validate_range, orig_cs_validate)(vp, pager, offset, data, size, result);
167 |     if (res && vn_getpath(vp, path, &pathlen) == 0) {
168 |         searchAndPatch(data, size, path, kDyldCachePath, kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal, kAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched);
169 |     }
170 |     return res;
171 | }
172 | 
173 | // For Big Sur+
174 | static void patched_cs_validate_page(vnode_t vp,
175 |                                           memory_object_t pager,
176 |                                           memory_object_offset_t page_offset,
177 |                                           const void *data,
178 |                                           int *arg4,
179 |                                           int *arg5,
180 |                                           int *arg6) {
181 |     char path[kPathMaxLen];
182 |     int pathlen = kPathMaxLen;
183 |     FunctionCast(patched_cs_validate_page, orig_cs_validate)(vp, pager, page_offset, data, arg4, arg5, arg6);
184 |     if (vn_getpath(vp, path, &pathlen) == 0 && UserPatcher::matchSharedCachePath(path)) {
185 |         // covers pattern in macOS 11.0-11.2
186 |         if (UNLIKELY(KernelPatcher::findAndReplace(const_cast<void *>(data), PAGE_SIZE, kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal, sizeof(kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal), kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched, sizeof(kBigSurAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched)))) {
187 |             DBGLOG(MODULE_SHORT, "found function to patch at %s!", path);
188 |             return;
189 |         }
190 |         // covers pattern in macOS 11.3 - 12.2
191 |         if (UNLIKELY(KernelPatcher::findAndReplace(const_cast<void *>(data), PAGE_SIZE, kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal, sizeof(kAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal), kAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched, sizeof(kAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched)))) {
192 |             DBGLOG(MODULE_SHORT, "found function to patch at %s!", path);
193 |             return;
194 |         }
195 |         // covers pattern in macOS 13.3+
196 |         // patch for 12.3-13.3 is a substring of this patch. So run this first.
197 |         // TODO: use getKernelVersion and KernelMinorVersion in Lilu for more clear implementation
198 |         if (UNLIKELY(KernelPatcher::findAndReplace(const_cast<void *>(data), PAGE_SIZE, kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal, sizeof(kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal), kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched, sizeof(kVentura133AmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched)))) {
199 |             DBGLOG(MODULE_SHORT, "found function to patch at %s!", path);
200 |             return;
201 |         }
202 |         // covers pattern in macOS 12.3 - 13.2
203 |         if (UNLIKELY(KernelPatcher::findAndReplace(const_cast<void *>(data), PAGE_SIZE, kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal, sizeof(kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnOriginal), kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched, sizeof(kMontereyAmdBronzeMtlAddrLibGetBaseArrayModeReturnPatched)))) {
204 |             DBGLOG(MODULE_SHORT, "found function to patch at %s!", path);
205 |             return;
206 |         }
207 | 
208 |     }
209 | }
210 | 
211 | static int patched_getHardwareInfo(void *obj, uint16_t *hwInfo) {
212 |     int ret = FunctionCast(patched_getHardwareInfo, orig_getHardwareInfo)(obj, hwInfo);
213 |     DBGLOG(MODULE_SHORT, "AMDRadeonX4000_AMDAccelDevice::getHardwareInfo: return 0x%08X");
214 |     if (ret == 0) {
215 |         SYSLOG(MODULE_SHORT, "getHardwareInfo: deviceId = 0x%x", *hwInfo);
216 |         *hwInfo = kEllesmereDeviceId;
217 |     }
218 |     return ret;
219 | }
220 | 
221 | #pragma mark - Patches on start/stop
222 | 
223 | static void pluginStart() {
224 |     LiluAPI::Error error;
225 |     
226 |     DBGLOG(MODULE_SHORT, "start");
227 |     if (getKernelVersion() < KernelVersion::BigSur) {
228 |         error = lilu.onPatcherLoad([](void *user, KernelPatcher &patcher){
229 |             DBGLOG(MODULE_SHORT, "patching cs_validate_range");
230 |             mach_vm_address_t kern = patcher.solveSymbol(KernelPatcher::KernelID, "_cs_validate_range");
231 |             
232 |             if (patcher.getError() == KernelPatcher::Error::NoError) {
233 |                 orig_cs_validate = patcher.routeFunctionLong(kern, reinterpret_cast<mach_vm_address_t>(patched_cs_validate_range), true, true);
234 |                 
235 |                 if (patcher.getError() != KernelPatcher::Error::NoError) {
236 |                     SYSLOG(MODULE_SHORT, "failed to hook _cs_validate_range");
237 |                 } else {
238 |                     DBGLOG(MODULE_SHORT, "hooked cs_validate_range");
239 |                 }
240 |             } else {
241 |                 SYSLOG(MODULE_SHORT, "failed to find _cs_validate_range");
242 |             }
243 |         });
244 |     } else { // >= macOS 11
245 |         error = lilu.onPatcherLoad([](void *user, KernelPatcher &patcher){
246 |             DBGLOG(MODULE_SHORT, "patching cs_validate_page");
247 |             mach_vm_address_t kern = patcher.solveSymbol(KernelPatcher::KernelID, "_cs_validate_page");
248 |             
249 |             if (patcher.getError() == KernelPatcher::Error::NoError) {
250 |                 orig_cs_validate = patcher.routeFunctionLong(kern, reinterpret_cast<mach_vm_address_t>(patched_cs_validate_page), true, true);
251 |                 
252 |                 if (patcher.getError() != KernelPatcher::Error::NoError) {
253 |                     SYSLOG(MODULE_SHORT, "failed to hook _cs_validate_page");
254 |                 } else {
255 |                     DBGLOG(MODULE_SHORT, "hooked cs_validate_page");
256 |                 }
257 |             } else {
258 |                 SYSLOG(MODULE_SHORT, "failed to find _cs_validate_page");
259 |             }
260 |         });
261 |     }
262 |     if (error != LiluAPI::Error::NoError) {
263 |         SYSLOG(MODULE_SHORT, "failed to register onPatcherLoad method: %d", error);
264 |     }
265 |     error = lilu.onKextLoad(kAMDHWLibsInfo, arrsize(kAMDHWLibsInfo), [](void *user, KernelPatcher &patcher, size_t index, mach_vm_address_t address, size_t size){
266 |         DBGLOG(MODULE_SHORT, "processing AMDRadeonX4000HWLibs");
267 |         for (size_t i = 0; i < arrsize(kAMDHWLibsInfo); i++) {
268 |             if (i == kAmdRadeonX4000 && kAMDHWLibsInfo[i].loadIndex == index) {
269 |                 KernelPatcher::RouteRequest amd_requests[] {
270 |                     KernelPatcher::RouteRequest("__ZN29AMDRadeonX4000_AMDAccelDevice15getHardwareInfoEP24_sAMD_GET_HW_INFO_VALUES", patched_getHardwareInfo, orig_getHardwareInfo),
271 |                 };
272 |                 if (patcher.routeMultiple(index, amd_requests, address, size, true, true)) {
273 |                     DBGLOG(MODULE_SHORT, "patched getHardwareInfo");
274 |                 } else {
275 |                     SYSLOG(MODULE_SHORT, "failed to patch getHardwareInfo: %d", patcher.getError());
276 |                 }
277 |             } else if (i == kAmdRadeonX4000HwLibs && kAMDHWLibsInfo[i].loadIndex == index) {
278 |                 KernelPatcher::LookupPatch patch = {&kAMDHWLibsInfo[kAmdRadeonX4000HwLibs], kCAIL_DDI_CAPS_POLARIS22_A0Original, kCAIL_DDI_CAPS_POLARIS22_A0Patched, sizeof(kCAIL_DDI_CAPS_POLARIS22_A0Original), 1};
279 |                 patcher.applyLookupPatch(&patch);
280 |                 if (patcher.getError() != KernelPatcher::Error::NoError) {
281 |                     SYSLOG(MODULE_SHORT, "failed to binary patch CAIL_DDI_CAPS_POLARIS22_A0: %d", patcher.getError());
282 |                     patcher.clearError();
283 |                     }
284 |                 else{
285 |                     DBGLOG(MODULE_SHORT, "binary patched CAIL_DDI_CAPS_POLARIS22_A0");
286 |                 }
287 |             }
288 |         }
289 |     });
290 |     if (error != LiluAPI::Error::NoError) {
291 |         SYSLOG(MODULE_SHORT, "failed to register onKextLoad method: %d", error);
292 |     }
293 | }
294 | 
295 | // Boot args.
296 | static const char *bootargOff[] {
297 |     "-polaris22off"
298 | };
299 | static const char *bootargDebug[] {
300 |     "-polaris22dbg"
301 | };
302 | static const char *bootargBeta[] {
303 |     "-polaris22beta"
304 | };
305 | 
306 | // Plugin configuration.
307 | PluginConfiguration ADDPR(config) {
308 |     xStringify(PRODUCT_NAME),
309 |     parseModuleVersion(xStringify(MODULE_VERSION)),
310 |     LiluAPI::AllowNormal,
311 |     bootargOff,
312 |     arrsize(bootargOff),
313 |     bootargDebug,
314 |     arrsize(bootargDebug),
315 |     bootargBeta,
316 |     arrsize(bootargBeta),
317 |     KernelVersion::Mojave,
318 |     KernelVersion::Ventura,
319 |     pluginStart
320 | };
321 | 


--------------------------------------------------------------------------------
/Polaris22Fixup/memmem.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  musl as a whole is licensed under the following standard MIT license:
  3 |  
  4 |  ----------------------------------------------------------------------
  5 |  Copyright © 2005-2014 Rich Felker, et al.
  6 |  
  7 |  Permission is hereby granted, free of charge, to any person obtaining
  8 |  a copy of this software and associated documentation files (the
  9 |  "Software"), to deal in the Software without restriction, including
 10 |  without limitation the rights to use, copy, modify, merge, publish,
 11 |  distribute, sublicense, and/or sell copies of the Software, and to
 12 |  permit persons to whom the Software is furnished to do so, subject to
 13 |  the following conditions:
 14 |  
 15 |  The above copyright notice and this permission notice shall be
 16 |  included in all copies or substantial portions of the Software.
 17 |  
 18 |  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 19 |  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 20 |  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 21 |  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
 22 |  CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 23 |  TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 24 |  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 25 |  ----------------------------------------------------------------------
 26 |  */
 27 | #define _GNU_SOURCE
 28 | #include <string.h>
 29 | #include <stdint.h>
 30 | 
 31 | #define UCHAR_MAX (0xFF)
 32 | #define SS (sizeof(size_t))
 33 | #define ALIGN (sizeof(size_t)-1)
 34 | #define ONES ((size_t)-1/UCHAR_MAX)
 35 | #define HIGHS (ONES * (UCHAR_MAX/2+1))
 36 | #define HASZERO(x) ((x)-ONES & ~(x) & HIGHS)
 37 | 
 38 | void *memchr(const void *src, int c, size_t n)
 39 | {
 40 |     const unsigned char *s = src;
 41 |     c = (unsigned char)c;
 42 | #ifdef __GNUC__
 43 |     for (; ((uintptr_t)s & ALIGN) && n && *s != c; s++, n--);
 44 |     if (n && *s != c) {
 45 |         typedef size_t __attribute__((__may_alias__)) word;
 46 |         const word *w;
 47 |         size_t k = ONES * c;
 48 |         for (w = (const void *)s; n>=SS && !HASZERO(*w^k); w++, n-=SS);
 49 |         s = (const void *)w;
 50 |     }
 51 | #endif
 52 |     for (; n && *s != c; s++, n--);
 53 |     return n ? (void *)s : 0;
 54 | }
 55 | 
 56 | static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
 57 | {
 58 | 	uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
 59 | 	for (h+=2, k-=2; k; k--, hw = hw<<8 | *h++)
 60 | 		if (hw == nw) return (char *)h-2;
 61 | 	return hw == nw ? (char *)h-2 : 0;
 62 | }
 63 | 
 64 | static char *threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
 65 | {
 66 | 	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
 67 | 	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
 68 | 	for (h+=3, k-=3; k; k--, hw = (hw|*h++)<<8)
 69 | 		if (hw == nw) return (char *)h-3;
 70 | 	return hw == nw ? (char *)h-3 : 0;
 71 | }
 72 | 
 73 | static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
 74 | {
 75 | 	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
 76 | 	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
 77 | 	for (h+=4, k-=4; k; k--, hw = hw<<8 | *h++)
 78 | 		if (hw == nw) return (char *)h-4;
 79 | 	return hw == nw ? (char *)h-4 : 0;
 80 | }
 81 | 
 82 | #define MAX(a,b) ((a)>(b)?(a):(b))
 83 | #define MIN(a,b) ((a)<(b)?(a):(b))
 84 | 
 85 | #define BITOP(a,b,op) \
 86 |  ((a)[(size_t)(b)/(8*sizeof *(a))] op (size_t)1<<((size_t)(b)%(8*sizeof *(a))))
 87 | 
 88 | static char *twoway_memmem(const unsigned char *h, const unsigned char *z, const unsigned char *n, size_t l)
 89 | {
 90 | 	size_t i, ip, jp, k, p, ms, p0, mem, mem0;
 91 | 	size_t byteset[32 / sizeof(size_t)] = { 0 };
 92 | 	size_t shift[256];
 93 | 
 94 | 	/* Computing length of needle and fill shift table */
 95 | 	for (i=0; i<l; i++)
 96 | 		BITOP(byteset, n[i], |=), shift[n[i]] = i+1;
 97 | 
 98 | 	/* Compute maximal suffix */
 99 | 	ip = -1; jp = 0; k = p = 1;
100 | 	while (jp+k<l) {
101 | 		if (n[ip+k] == n[jp+k]) {
102 | 			if (k == p) {
103 | 				jp += p;
104 | 				k = 1;
105 | 			} else k++;
106 | 		} else if (n[ip+k] > n[jp+k]) {
107 | 			jp += k;
108 | 			k = 1;
109 | 			p = jp - ip;
110 | 		} else {
111 | 			ip = jp++;
112 | 			k = p = 1;
113 | 		}
114 | 	}
115 | 	ms = ip;
116 | 	p0 = p;
117 | 
118 | 	/* And with the opposite comparison */
119 | 	ip = -1; jp = 0; k = p = 1;
120 | 	while (jp+k<l) {
121 | 		if (n[ip+k] == n[jp+k]) {
122 | 			if (k == p) {
123 | 				jp += p;
124 | 				k = 1;
125 | 			} else k++;
126 | 		} else if (n[ip+k] < n[jp+k]) {
127 | 			jp += k;
128 | 			k = 1;
129 | 			p = jp - ip;
130 | 		} else {
131 | 			ip = jp++;
132 | 			k = p = 1;
133 | 		}
134 | 	}
135 | 	if (ip+1 > ms+1) ms = ip;
136 | 	else p = p0;
137 | 
138 | 	/* Periodic needle? */
139 | 	if (memcmp(n, n+p, ms+1)) {
140 | 		mem0 = 0;
141 | 		p = MAX(ms, l-ms-1) + 1;
142 | 	} else mem0 = l-p;
143 | 	mem = 0;
144 | 
145 | 	/* Search loop */
146 | 	for (;;) {
147 | 		/* If remainder of haystack is shorter than needle, done */
148 | 		if (z-h < l) return 0;
149 | 
150 | 		/* Check last byte first; advance by shift on mismatch */
151 | 		if (BITOP(byteset, h[l-1], &)) {
152 | 			k = l-shift[h[l-1]];
153 | 			if (k) {
154 | 				if (k < mem) k = mem;
155 | 				h += k;
156 | 				mem = 0;
157 | 				continue;
158 | 			}
159 | 		} else {
160 | 			h += l;
161 | 			mem = 0;
162 | 			continue;
163 | 		}
164 | 
165 | 		/* Compare right half */
166 | 		for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);
167 | 		if (k < l) {
168 | 			h += k-ms;
169 | 			mem = 0;
170 | 			continue;
171 | 		}
172 | 		/* Compare left half */
173 | 		for (k=ms+1; k>mem && n[k-1] == h[k-1]; k--);
174 | 		if (k <= mem) return (char *)h;
175 | 		h += p;
176 | 		mem = mem0;
177 | 	}
178 | }
179 | 
180 | void *memmem(const void *h0, size_t k, const void *n0, size_t l)
181 | {
182 | 	const unsigned char *h = h0, *n = n0;
183 | 
184 | 	/* Return immediately on empty needle */
185 | 	if (!l) return (void *)h;
186 | 
187 | 	/* Return immediately when needle is longer than haystack */
188 | 	if (k<l) return 0;
189 | 
190 | 	/* Use faster algorithms for short needles */
191 | 	h = memchr(h0, *n, k);
192 | 	if (!h || l==1) return (void *)h;
193 | 	k -= h - (const unsigned char *)h0;
194 | 	if (k<l) return 0;
195 | 	if (l==2) return twobyte_memmem(h, k, n);
196 | 	if (l==3) return threebyte_memmem(h, k, n);
197 | 	if (l==4) return fourbyte_memmem(h, k, n);
198 | 
199 | 	return twoway_memmem(h, h+k, n, l);
200 | }
201 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Polaris22 Driver Fixup
 2 | ======================
 3 | This KEXT fixes known graphics issues with Polaris22/VegaM on OSX. Only tested/supported on 10.14+.
 4 | 
 5 | * Framebuffer corruption due to Metal driver bug. The details of the issue and the fix can be found [here](https://osy.gitbook.io/hac-mini-guide/details/metal-driver-fix).
 6 | * On 10.14.5 Beta 2 and newer versions, boot fails with accelerator enabled and ends in a black screen.
 7 | 
 8 | ## Installation
 9 | 
10 | * You need Lilu 1.3.8 or newer as older versions had incompatibilities
11 | * Install the KEXT along with Lilu
12 | 
13 | ## Implementation
14 | 
15 | ### Metal Bug
16 | 
17 | Userland code injection on 10.14+ is tricky because of various security features designed to prevent malware from taking over system applications. See [this article](https://knight.sc/malware/2019/03/15/code-injection-on-macos.html) for reasons why various older techniques no longer work.
18 | 
19 | We do not have to worry about permissions because we have kernel access, but finding *when* a particular piece of user code is loaded is tricky. OSX does not page in the code until it is needed, so we cannot hook `mmap` or related functions. Instead we hook `cs_validate_range`. This function is called after the code is paged in, in order to check the code signature. We put our hook after this call so we can modify the code after the signature check passes. The advantage of placing our hook here is that we do not cause needless paging which reduces performance.
20 | 
21 | In the hook, we check that the file getting paged in is either `AMDMTLBronzeDriver` or the shared cache `dyld_shared_cache_x86_64h` which contains every platform binary on the system. Once that matches, we do a pattern search for the function to patch and fix it.
22 | 
23 | ### SMU Loading Bug
24 | 
25 | `Polaris22_UploadSMUFirmwareImageDefault` calls`PECI_IsEarlySAMUInitEnabled` to check if SMU firmware can be loaded directly. `PECI_IsEarlySAMUInitEnabled` looks at bit 0x160 of `CAIL_DDI_CAPS_POLARIS22_A0` which should be 0. But it is 1, leading the firmware to not be loaded. Patching the function to return 0 will fix it.
26 | 
27 | Before 10.14.5 Beta 2, it worked by chance. `AtiAppleCailServices::isAsicCapEnabled` did not have `CAIL_DDI_CAPS_POLARIS22_A0` and defaulted all bits to 0.
28 | 
29 | ## Performance
30 | 
31 | Because we are hooking on a hot piece of code (code signature checking), we need to make sure we are not adversely impacting performance. The two operations we add are a string compare for the path name (as well as potentially needing to generate the path name) as well as finding the pattern to patch (only if the path name matches first).
32 | 
33 | Although both operations can be costly, we point out that the path name is at most 1024 bytes which is 1/4 of the minimum size of data (4096) that code signature is checked on. In practice, the path is likely much shorter. In terms of the actual pattern search, we note that right before our hook is called, a SHA hash is computed on the same data. This means the data is already local (in cache) and we have already done Θ(n) work (n bytes). We use a O(n) optimized `memmem` implementation from musl for the pattern search.
34 | 


--------------------------------------------------------------------------------